Publications

1 5 6 7 8 9 11

Security engineering of nanostructures and nanomaterials

November 10, 2016

Davood Shahrjerdi, B. Nasri, D. Armstrong, A. Alharbi, and Ramesh Karri

Proliferation of electronics and their increasing connectivity pose formidable challenges for information security. At the most fundamental level, nanostructures and nanomaterials offer an unprecedented opportunity to introduce new approaches to securing electronic devices. First, we discuss engineering nanomaterials, (e.g., carbon nanotubes (CNTs), graphene, and layered transition metal dichalcogenides (TMDs)) to make unclonable cryptographic primitives.

Securing Software Updates for Automobiles

November 7, 2016

Trishank Karthik Kuppusamy, Lois Anne Delong and Justin Cappos

Software update systems for automobiles can deliver significant benefits, but, if not implemented carefully, they could potentially incur serious security vulnerabilities. Previous solutions for securing software updates consider standard attacks and deploy widely understood security mechanisms, such as digital signatures for the software updates, and hardware security modules (HSM) to sign software updates. However, no existing solution considers more advanced security objectives, such as resilience against a repository compromise, or freeze attacks to the vehicle’s update mechanism, or a compromise at a supplier’s site. Solutions developed for the PC world do not generalize to automobiles for two reasons: first, they do not solve problems that are unique to the automotive industry (e.g., that there are many different types of computers to be updated on a vehicle), and second, they do not address security attacks that can cause a vehicle to fail (e.g. a man-in-themiddle attack without compromising any signing key) or that can cause a vehicle to become unsafe. In this paper, we present Uptane, the first software update framework for automobiles that counters a comprehensive array of security attacks, and is resilient to partial compromises. Uptane adds strategic features to the state-of-the-art software update framework, TUF, in order to address automotivespecific vulnerabilities and limitations. Uptane is flexible and easy to adopt, and its design details were developed together with the main automotive industry stakeholders in the USA.

Security engineering of nanostructures and nanomaterials

November 7, 2016

Davood Shahrjerdi, Bayan Nasri, Darren Armstrong, Abduallah Alharbi, Ramesh Karri

Proliferation of electronics and their increasing connectivity pose formidable challenges for information security. At the most fundamental level, nanostructures and nanomaterials offer an unprecedented opportunity to introduce new approaches to securing electronic devices. First, we discuss engineering nanomaterials, (e.g., carbon nanotubes (CNTs), graphene, and layered transition metal dichalcogenides (TMDs)) to make unclonable cryptographic primitives.

CamoPerturb: secure IC camouflaging for minterm protection

November 7, 2016

Muhammad YasinBodhisatwa Mazumdar, Ozgur Sinanoglu, and Jeyavijayan Rajendran

This paper presents CamoPerturb, a countermeasure to thwart the decamouflaging attack by integrating logic perturbation with IC camouflaging. CamoPerturb, contrary to all the existing camouflaging schemes, perturbs the functionality of the given design minimally, i.e., adds/removes one minterm, rather than camouflaging the design.

Decision and Game Theory for Security: 7th International Conference, GameSec 2016

November 4, 2016

Quanyan Zhu, Tansu Alpcan, Emmanouil Panaousis, Milind Tambe, and William Casey

This book constitutes the refereed proceedings of the 7th International Conference on Decision and Game Theory for Security, GameSec 2016, held in New York, NY, USA, in November 2016.

A Compact Implementation of Salsa20 and Its Power Analysis Vulnerabilities

November 1, 2016

Bodhisatwa Mazumdar, Sk. Subidh Ali, and Ozgur Sinanoglu

In this article, the authors present a compact implementation of the Salsa20 stream cipher that is targeted towards lightweight cryptographic devices such as radio-frequency identification (RFID) tags.

A Dual Perturbation Approach for Differential Private ADMM-Based Distributed Empirical Risk Minimization

October 28, 2016

Tao Zhang and Quanyan Zhu

In this paper, the authors develop a privacy-preserving method to a class of regularized empirical risk minimization (ERM) machine learning problems.

Can flexible, domain specific programmable logic prevent IP theft?

October 27, 2016

Xiaotong Cui, Kaijie Wu, Siddharth Garg and Ramesh Karri

Fab-less design houses are outsourcing fabrication to third-party foundries to reduce costs. However, this has security consequences including intellectual property (IP) theft and piracy. Obfuscation techniques have been proposed to increase resistance to reverse engineering, IP recovery, IP theft and piracy.

A Comparative Security Analysis of Current and Emerging Technologies

October 27, 2016

Chandra K.H. Suresh, Bodhisatwa Mazumdar, Sk Subidh Ali, and Ozgur Sinanoglu

In this article, the authors offer a security analysis of nanoelectromechanical systems (NEMS) and carbon nanotube (CNT). They highlight the key technology-specific features of these post-CMOS technologies that can inform the design of secure systems.

Power-side-channel analysis of carbon nanotube FET based design

October 24, 2016

Chandra K. H. Suresh, Bodhisatwa Mazumdar, Sk Subidh Ali and Ozgur Sinanoglu

Continuous scaling of CMOS technology beyond sub-nanometer region has aggravated short-channel effects, resulting in increased leakage current and high power densities. Furthermore, elevated leakage current and power density render CMOS based security-critical applications vulnerable to power-side-channel attacks. Carbon Nanotubes (CNT) is a promising alternative to CMOS technology.

Detecting malicious logins in enterprise networks using visualization

October 22, 2016

Hossein Siadati, Bahador Saket, Nasir Memon

The authors present APT-Hunter, a visualization tool that helps security analysts to explore login data for discovering patterns and detecting malicious logins

System, method and computer-accessible medium for security-centric electronic system design

October 20, 2016

Jeyavijayan Rajendran, Ramesh Karri, and Ozgur Sinanoglu

An exemplary system, method and computer-accessible medium can be provided which can include, for example, generating a super control dataflow graph(s) (CDFG) by applying a plurality of electronic system level ESL design constraints associated with an integrated circuit, determining an upper bound(s) number and a lower bound(s) number based on a number of CDFGs in the super CDFG(s)—with each number being one metric of a capability of the integrated circuit to resist reverse engineering attack—, and inserting a component(s) into a register transfer level netlist to effectuate a modification of the upper bound(s) and the lower bound(s).

GADAPT: A Sequential Game-Theoretic Framework for Designing Defense-in-Depth Strategies Against Advanced Persistent Threats

October 5, 2016

Stefan Rass and Quanyan Zhu

We present a dynamic game framework to model and design defense strategies for advanced persistent threats (APTs). The model is based on a sequence of nested finite two-person zero-sum games, in which the APT is modeled as the attempt to get through multiple protective shells of a system towards conquering the target located in the center of the infrastructure.

Optimal Contract Design Under Asymmetric Information for Cloud-Enabled Internet of Controlled Things

October 5, 2016

Juntao Chen and Quanyan Zhu

The development of advanced wireless communication technologies and smart embedded control devices makes everything connected, leading to an emerging paradigm of the Internet of Controlled Things (IoCT). IoCT consists of two layers of systems: cyber layer and physical layer. This work aims to establish a holistic framework that integrates the cyber-physical layers of the IoCT through the lens of contract theory.

Attack-Aware Cyber Insurance of Interdependent Computer Networks

October 3, 2016

Rui Zhang, Quanyan Zhu

The authors provide an integrative view of the cyber insurance through a bi-level game-theoretic model.

Can flexible, domain specific programmable logic prevent IP theft?

September 19, 2016

 Siddharth Garg, Ramesh Karri, Xiaotong Cui, Kaijie Wu

The authors propose a High Level Synthesis and Analysis (HLSA) approach that leverages embedded programmable logic (EPL) to hide sensitive parts of the IP from a rogue foundry or a rogue actor in a foundry.

A Stackelberg Game Perspective on the Conflict Between Machine Learning and Data Obfuscation

September 1, 2016

Jeffrey Pawlick and Quanyan Zhu

The authors address the strategic interaction between trackers who collect data and users when incentives to maintain privacy and improve accuracy are misaligned.

A Security Analysis of an In Vehicle Infotainment and App Platform

September 1, 2016

 Sahar Mazloom, Mohammad Rezaeirad, Aaron Hunter, and Damon McCoy

The authors discuss the security implications of the increasing trend in the automotive industry towards integrating trusted third-party apps with In-Vehicle-Infotainment systems (IVI) via smartphones.